Threat and Vulnerability Intelligence Database

CVE-2025-30548

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VarDump s.r.l. Advanced Post Search allows Reflected XSS. This issue affects Advanced Post Search: from n/a through 1.1.0.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
April 1st, 2025 (21 days ago)

CVE-2025-30547

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Tufts WP Cards allows Reflected XSS. This issue affects WP Cards: from n/a through 1.5.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
April 1st, 2025 (21 days ago)

CVE-2025-30544

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound OK Poster Group allows Reflected XSS. This issue affects OK Poster Group: from n/a through 1.1.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
April 1st, 2025 (21 days ago)

CVE-2025-30520

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in crosstec Breezing Forms allows Reflected XSS. This issue affects Breezing Forms: from n/a through 1.2.8.11.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
April 1st, 2025 (21 days ago)

CVE-2025-22277

Description: Authentication Bypass Using an Alternate Path or Channel vulnerability in appsbd Vitepos allows Authentication Abuse. This issue affects Vitepos: from n/a through 3.1.4.

CVSS: HIGH (8.8)

EPSS Score: 0.06%

Source: CVE
April 1st, 2025 (21 days ago)

CVE-2024-13567

Description: The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.3.1 via the 'awesome-support' directory. This makes it possible for unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads/awesome-support directory which can contain file attachments included in support tickets. The vulnerability was partially patched in version 6.3.1.

CVSS: HIGH (7.5)

EPSS Score: 0.05%

Source: CVE
April 1st, 2025 (21 days ago)

CVE-2025-2008

Description: The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import_single_post_as_csv() function in all versions up to, and including, 7.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVSS: HIGH (8.8)

EPSS Score: 0.26%

Source: CVE
April 1st, 2025 (21 days ago)

CVE-2025-2007

Description: The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteImage() function in all versions up to, and including, 7.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

CVSS: HIGH (8.1)

EPSS Score: 0.59%

Source: CVE
April 1st, 2025 (21 days ago)

CVE-2025-31625

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ramanparashar Useinfluence allows Stored XSS. This issue affects Useinfluence: from n/a through 1.0.8.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
March 31st, 2025 (21 days ago)

CVE-2025-31623

Description: Cross-Site Request Forgery (CSRF) vulnerability in richtexteditor Rich Text Editor allows Stored XSS. This issue affects Rich Text Editor: from n/a through 1.0.1.

CVSS: HIGH (7.1)

EPSS Score: 0.02%

Source: CVE
March 31st, 2025 (21 days ago)